@pulumi/cloudflare 6.1.0-alpha.1744817152 → 6.1.0

package/types/output.d.ts

@@ -2527,6 +2527,8 @@ export interface AccountSettings {
     abuseContactEmail?: string;
     /**
      * Specifies the default nameservers to be used for new zones added to this account.
+     *
+     * @deprecated This attribute is deprecated.
      */
     defaultNameservers: string;
     /**
@@ -2539,6 +2541,8 @@ export interface AccountSettings {
      * nameservers by default.
      *
      * Deprecated in favor of [DNS Settings](https://developers.cloudflare.com/api/operations/dns-settings-for-an-account-update-dns-settings).
+     *
+     * @deprecated This attribute is deprecated.
      */
     useAccountCustomNsByDefault: boolean;
 }
@@ -3448,6 +3452,8 @@ export interface DlpCustomProfileEntryPattern {
     regex: string;
     /**
      * Available values: "luhn".
+     *
+     * @deprecated This attribute is deprecated.
      */
     validation?: string;
 }
@@ -3500,6 +3506,8 @@ export interface DlpCustomProfileProfileEntryPattern {
     regex: string;
     /**
      * Available values: "luhn".
+     *
+     * @deprecated This attribute is deprecated.
      */
     validation?: string;
 }
@@ -3594,11 +3602,11 @@ export interface DnsRecordData {
     /**
      * Minutes of latitude.
      */
-    latMinutes: number;
+    latMinutes?: number;
     /**
      * Seconds of latitude.
      */
-    latSeconds: number;
+    latSeconds?: number;
     /**
      * Degrees of longitude.
      */
@@ -3611,11 +3619,11 @@ export interface DnsRecordData {
     /**
      * Minutes of longitude.
      */
-    longMinutes: number;
+    longMinutes?: number;
     /**
      * Seconds of longitude.
      */
-    longSeconds: number;
+    longSeconds?: number;
     /**
      * Matching Type.
      */
@@ -3631,11 +3639,11 @@ export interface DnsRecordData {
     /**
      * Horizontal precision of location.
      */
-    precisionHorz: number;
+    precisionHorz?: number;
     /**
      * Vertical precision of location.
      */
-    precisionVert: number;
+    precisionVert?: number;
     /**
      * Preference.
      */
@@ -3671,7 +3679,7 @@ export interface DnsRecordData {
     /**
      * Size of location in meters.
      */
-    size: number;
+    size?: number;
     /**
      * Name of the property controlled by this record (e.g.: issue, issuewild, iodef).
      */
@@ -4805,6 +4813,8 @@ export interface GetAccountSettings {
     abuseContactEmail: string;
     /**
      * Specifies the default nameservers to be used for new zones added to this account.
+     *
+     * @deprecated This attribute is deprecated.
      */
     defaultNameservers: string;
     /**
@@ -4817,6 +4827,8 @@ export interface GetAccountSettings {
      * nameservers by default.
      *
      * Deprecated in favor of [DNS Settings](https://developers.cloudflare.com/api/operations/dns-settings-for-an-account-update-dns-settings).
+     *
+     * @deprecated This attribute is deprecated.
      */
     useAccountCustomNsByDefault: boolean;
 }
@@ -5033,6 +5045,8 @@ export interface GetAccountsResultSettings {
     abuseContactEmail: string;
     /**
      * Specifies the default nameservers to be used for new zones added to this account.
+     *
+     * @deprecated This attribute is deprecated.
      */
     defaultNameservers: string;
     /**
@@ -5045,6 +5059,8 @@ export interface GetAccountsResultSettings {
      * nameservers by default.
      *
      * Deprecated in favor of [DNS Settings](https://developers.cloudflare.com/api/operations/dns-settings-for-an-account-update-dns-settings).
+     *
+     * @deprecated This attribute is deprecated.
      */
     useAccountCustomNsByDefault: boolean;
 }
@@ -6562,7 +6578,7 @@ export interface GetDnsFirewallsResult {
      */
     ecsFallback: boolean;
     /**
-     * Identifier
+     * Identifier.
      */
     id: string;
     /**
@@ -6978,7 +6994,7 @@ export interface GetDnsRecordsResult {
      */
     data: outputs.GetDnsRecordsResultData;
     /**
-     * Identifier
+     * Identifier.
      */
     id: string;
     /**
@@ -7294,6 +7310,8 @@ export interface GetEmailRoutingAddressesResult {
     modified: string;
     /**
      * Destination address tag. (Deprecated, replaced by destination address identifier)
+     *
+     * @deprecated This attribute is deprecated.
      */
     tag: string;
     /**
@@ -7477,6 +7495,8 @@ export interface GetEmailRoutingRulesResult {
     priority: number;
     /**
      * Routing rule tag. (Deprecated, replaced by routing rule identifier)
+     *
+     * @deprecated This attribute is deprecated.
      */
     tag: string;
 }
@@ -7548,6 +7568,9 @@ export interface GetEmailSecurityImpersonationRegistriesResult {
     directoryId: number;
     directoryNodeId: number;
     email: string;
+    /**
+     * @deprecated This attribute is deprecated.
+     */
     externalDirectoryNodeId: string;
     id: number;
     isEmailRegex: boolean;
@@ -9130,7 +9153,7 @@ export interface GetLogpushDatasetJobOutputOptions {
      */
     recordSuffix: string;
     /**
-     * String to use as template for each record instead of the default comma-separated list. All fields used in the template must be present in `fieldNames` as well, otherwise they will end up as null. Format as a Go `text/template` without any standard functions, like conditionals, loops, sub-templates, etc.
+     * String to use as template for each record instead of the default json key value mapping. All fields used in the template must be present in `fieldNames` as well, otherwise they will end up as null. Format as a Go `text/template` without any standard functions, like conditionals, loops, sub-templates, etc.
      */
     recordTemplate: string;
     /**
@@ -9182,7 +9205,7 @@ export interface GetLogpushJobOutputOptions {
      */
     recordSuffix: string;
     /**
-     * String to use as template for each record instead of the default comma-separated list. All fields used in the template must be present in `fieldNames` as well, otherwise they will end up as null. Format as a Go `text/template` without any standard functions, like conditionals, loops, sub-templates, etc.
+     * String to use as template for each record instead of the default json key value mapping. All fields used in the template must be present in `fieldNames` as well, otherwise they will end up as null. Format as a Go `text/template` without any standard functions, like conditionals, loops, sub-templates, etc.
      */
     recordTemplate: string;
     /**
@@ -9215,6 +9238,8 @@ export interface GetLogpushJobsResult {
     /**
      * This field is deprecated. Please use `max_upload_*` parameters instead. The frequency at which Cloudflare sends batches of logs to your destination. Setting frequency to high sends your logs in larger quantities of smaller files. Setting frequency to low sends logs in smaller quantities of larger files.
      * Available values: "high", "low".
+     *
+     * @deprecated This attribute is deprecated.
      */
     frequency: string;
     /**
@@ -9236,6 +9261,8 @@ export interface GetLogpushJobsResult {
     lastError: string;
     /**
      * This field is deprecated. Use `outputOptions` instead. Configuration string. It specifies things like requested fields and timestamp formats. If migrating from the logpull api, copy the url (full url or just the query string) of your call here, and logpush will keep on making this call for you, setting start and end times appropriately.
+     *
+     * @deprecated This attribute is deprecated.
      */
     logpullOptions: string;
     /**
@@ -9298,7 +9325,7 @@ export interface GetLogpushJobsResultOutputOptions {
      */
     recordSuffix: string;
     /**
-     * String to use as template for each record instead of the default comma-separated list. All fields used in the template must be present in `fieldNames` as well, otherwise they will end up as null. Format as a Go `text/template` without any standard functions, like conditionals, loops, sub-templates, etc.
+     * String to use as template for each record instead of the default json key value mapping. All fields used in the template must be present in `fieldNames` as well, otherwise they will end up as null. Format as a Go `text/template` without any standard functions, like conditionals, loops, sub-templates, etc.
      */
     recordTemplate: string;
     /**
@@ -9600,7 +9627,7 @@ export interface GetMagicTransitSiteLansResult {
      */
     staticAddressing: outputs.GetMagicTransitSiteLansResultStaticAddressing;
     /**
-     * VLAN port number.
+     * VLAN ID. Use zero for untagged.
      */
     vlanTag: number;
 }
@@ -9719,7 +9746,7 @@ export interface GetMagicTransitSiteWansResult {
      */
     staticAddressing: outputs.GetMagicTransitSiteWansResultStaticAddressing;
     /**
-     * VLAN port number.
+     * VLAN ID. Use zero for untagged.
      */
     vlanTag: number;
 }
@@ -11801,6 +11828,10 @@ export interface GetQueueSettings {
      * Number of seconds to delay delivery of all messages to consumers.
      */
     deliveryDelay: number;
+    /**
+     * Indicates if message delivery to consumers is currently paused.
+     */
+    deliveryPaused: boolean;
     /**
      * Number of seconds after which an unconsumed message will be delayed.
      */
@@ -11880,6 +11911,10 @@ export interface GetQueuesResultSettings {
      * Number of seconds to delay delivery of all messages to consumers.
      */
     deliveryDelay: number;
+    /**
+     * Indicates if message delivery to consumers is currently paused.
+     */
+    deliveryPaused: boolean;
     /**
      * Number of seconds after which an unconsumed message will be delayed.
      */
@@ -12530,10 +12565,6 @@ export interface GetRulesetRule {
      * The unique ID of the rule.
      */
     id: string;
-    /**
-     * The timestamp of when the rule was last modified.
-     */
-    lastUpdated: string;
     /**
      * An object configuring the rule's logging behavior.
      */
@@ -12546,10 +12577,6 @@ export interface GetRulesetRule {
      * The reference of the rule (the rule ID by default).
      */
     ref: string;
-    /**
-     * The version of the rule.
-     */
-    version: string;
 }
 export interface GetRulesetRuleActionParameters {
     /**
@@ -13262,10 +13289,6 @@ export interface GetRulesetsResult {
      * Available values: "managed", "custom", "root", "zone".
      */
     kind: string;
-    /**
-     * The timestamp of when the ruleset was last modified.
-     */
-    lastUpdated: string;
     /**
      * The human-readable name of the ruleset.
      */
@@ -13900,6 +13923,16 @@ export interface GetWaitingRoomEventsResult {
      * If set, the event will override the waiting room's `totalActiveUsers` property while it is active. If null, the event will inherit it. This can only be set if the event's `newUsersPerMinute` property is also set.
      */
     totalActiveUsers: number;
+    /**
+     * If set, the event will override the waiting room's `turnstileAction` property while it is active. If null, the event will inherit it.
+     * Available values: "log", "infiniteQueue".
+     */
+    turnstileAction: string;
+    /**
+     * If set, the event will override the waiting room's `turnstileMode` property while it is active. If null, the event will inherit it.
+     * Available values: "off", "invisible", "visible*non*interactive", "visibleManaged".
+     */
+    turnstileMode: string;
 }
 export interface GetWaitingRoomsResult {
     /**
@@ -14341,7 +14374,7 @@ export interface GetWorkersDeploymentDeploymentVersion {
 }
 export interface GetWorkersForPlatformsDispatchNamespacesResult {
     /**
-     * Identifier
+     * Identifier.
      */
     createdBy: string;
     /**
@@ -14349,7 +14382,7 @@ export interface GetWorkersForPlatformsDispatchNamespacesResult {
      */
     createdOn: string;
     /**
-     * Identifier
+     * Identifier.
      */
     modifiedBy: string;
     /**
@@ -14369,6 +14402,17 @@ export interface GetWorkersForPlatformsDispatchNamespacesResult {
      */
     scriptCount: number;
 }
+export interface GetWorkersForPlatformsScriptSecretsResult {
+    /**
+     * The name of this secret, this is what will be used to access it inside the Worker.
+     */
+    name: string;
+    /**
+     * The type of secret.
+     * Available values: "secretText".
+     */
+    type: string;
+}
 export interface GetWorkersKvNamespaceFilter {
     /**
      * Direction to order namespaces.
@@ -14382,6 +14426,10 @@ export interface GetWorkersKvNamespaceFilter {
     order?: string;
 }
 export interface GetWorkersKvNamespacesResult {
+    /**
+     * True if new beta namespace, with additional preview features.
+     */
+    beta: boolean;
     /**
      * Namespace identifier tag.
      */
@@ -14397,7 +14445,7 @@ export interface GetWorkersKvNamespacesResult {
 }
 export interface GetWorkersRoutesResult {
     /**
-     * Identifier
+     * Identifier.
      */
     id: string;
     pattern: string;
@@ -14442,11 +14490,15 @@ export interface GetWorkersScriptsResult {
     /**
      * Enables [Smart Placement](https://developers.cloudflare.com/workers/configuration/smart-placement).
      * Available values: "smart".
+     *
+     * @deprecated This attribute is deprecated.
      */
     placementMode: string;
     /**
      * Status of [Smart Placement](https://developers.cloudflare.com/workers/configuration/smart-placement).
      * Available values: "SUCCESS", "UNSUPPORTED*APPLICATION", "INSUFFICIENT*INVOCATIONS".
+     *
+     * @deprecated This attribute is deprecated.
      */
     placementStatus: string;
     /**
@@ -15637,7 +15689,7 @@ export interface GetZeroTrustAccessApplicationsResult {
      */
     httpOnlyCookieAttribute: boolean;
     /**
-     * UUID
+     * UUID.
      */
     id: string;
     /**
@@ -15661,6 +15713,16 @@ export interface GetZeroTrustAccessApplicationsResult {
      */
     pathCookieAttribute: boolean;
     policies: outputs.GetZeroTrustAccessApplicationsResultPolicy[];
+    /**
+     * Allows matching Access Service Tokens passed HTTP in a single header with this name.
+     * This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers.
+     * The header value will be interpreted as a json object similar to:
+     * {
+     * "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
+     * "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5"
+     * }
+     */
+    readServiceTokensFromHeader: string;
     saasApp: outputs.GetZeroTrustAccessApplicationsResultSaasApp;
     /**
      * Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
@@ -15672,6 +15734,8 @@ export interface GetZeroTrustAccessApplicationsResult {
     scimConfig: outputs.GetZeroTrustAccessApplicationsResultScimConfig;
     /**
      * List of public domains that Access will secure. This field is deprecated in favor of `destinations` and will be supported until **November 21, 2025.** If `destinations` are provided, then `selfHostedDomains` will be ignored.
+     *
+     * @deprecated This attribute is deprecated.
      */
     selfHostedDomains: string[];
     /**
@@ -16768,7 +16832,7 @@ export interface GetZeroTrustAccessCustomPagesResult {
      */
     type: string;
     /**
-     * UUID
+     * UUID.
      */
     uid: string;
     updatedAt: string;
@@ -17550,7 +17614,7 @@ export interface GetZeroTrustAccessGroupsResult {
      */
     excludes: outputs.GetZeroTrustAccessGroupsResultExclude[];
     /**
-     * UUID
+     * UUID.
      */
     id: string;
     /**
@@ -18492,7 +18556,7 @@ export interface GetZeroTrustAccessIdentityProvidersResult {
      */
     config: outputs.GetZeroTrustAccessIdentityProvidersResultConfig;
     /**
-     * UUID
+     * UUID.
      */
     id: string;
     /**
@@ -20158,15 +20222,15 @@ export interface GetZeroTrustDeviceCustomProfileFallbackDomain {
 }
 export interface GetZeroTrustDeviceCustomProfileInclude {
     /**
-     * The address in CIDR format to include in the tunnel. If address is present, host must not be present.
+     * The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      */
     address: string;
     /**
-     * A description of the split tunnel item, displayed in the client UI.
+     * A description of the Split Tunnel item, displayed in the client UI.
      */
     description: string;
     /**
-     * The domain name to include in the tunnel. If host is present, address must not be present.
+     * The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      */
     host: string;
 }
@@ -20257,9 +20321,6 @@ export interface GetZeroTrustDeviceCustomProfilesResult {
      * The name of the device settings profile.
      */
     name: string;
-    /**
-     * Device ID.
-     */
     policyId: string;
     /**
      * The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
@@ -20314,15 +20375,15 @@ export interface GetZeroTrustDeviceCustomProfilesResultFallbackDomain {
 }
 export interface GetZeroTrustDeviceCustomProfilesResultInclude {
     /**
-     * The address in CIDR format to include in the tunnel. If address is present, host must not be present.
+     * The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      */
     address: string;
     /**
-     * A description of the split tunnel item, displayed in the client UI.
+     * A description of the Split Tunnel item, displayed in the client UI.
      */
     description: string;
     /**
-     * The domain name to include in the tunnel. If host is present, address must not be present.
+     * The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      */
     host: string;
 }
@@ -20376,15 +20437,15 @@ export interface GetZeroTrustDeviceDefaultProfileFallbackDomain {
 }
 export interface GetZeroTrustDeviceDefaultProfileInclude {
     /**
-     * The address in CIDR format to include in the tunnel. If address is present, host must not be present.
+     * The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      */
     address: string;
     /**
-     * A description of the split tunnel item, displayed in the client UI.
+     * A description of the Split Tunnel item, displayed in the client UI.
      */
     description: string;
     /**
-     * The domain name to include in the tunnel. If host is present, address must not be present.
+     * The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      */
     host: string;
 }
@@ -21026,6 +21087,8 @@ export interface GetZeroTrustDlpCustomProfileEntryPattern {
     regex: string;
     /**
      * Available values: "luhn".
+     *
+     * @deprecated This attribute is deprecated.
      */
     validation: string;
 }
@@ -21115,6 +21178,8 @@ export interface GetZeroTrustDlpEntriesResultPattern {
     regex: string;
     /**
      * Available values: "luhn".
+     *
+     * @deprecated This attribute is deprecated.
      */
     validation: string;
 }
@@ -21132,6 +21197,8 @@ export interface GetZeroTrustDlpEntryPattern {
     regex: string;
     /**
      * Available values: "luhn".
+     *
+     * @deprecated This attribute is deprecated.
      */
     validation: string;
 }
@@ -21181,6 +21248,8 @@ export interface GetZeroTrustDlpPredefinedProfileEntryPattern {
     regex: string;
     /**
      * Available values: "luhn".
+     *
+     * @deprecated This attribute is deprecated.
      */
     validation: string;
 }
@@ -21483,23 +21552,44 @@ export interface GetZeroTrustGatewayCertificatesResult {
     uploadedOn: string;
 }
 export interface GetZeroTrustGatewayLoggingSettingsByRuleType {
+    dns: outputs.GetZeroTrustGatewayLoggingSettingsByRuleTypeDns;
+    http: outputs.GetZeroTrustGatewayLoggingSettingsByRuleTypeHttp;
+    l4: outputs.GetZeroTrustGatewayLoggingSettingsByRuleTypeL4;
+}
+export interface GetZeroTrustGatewayLoggingSettingsByRuleTypeDns {
+    /**
+     * Log all requests to this service.
+     */
+    logAll: boolean;
     /**
-     * Logging settings for DNS firewall.
+     * Log only blocking requests to this service.
      */
-    dns: string;
+    logBlocks: boolean;
+}
+export interface GetZeroTrustGatewayLoggingSettingsByRuleTypeHttp {
     /**
-     * Logging settings for HTTP/HTTPS firewall.
+     * Log all requests to this service.
      */
-    http: string;
+    logAll: boolean;
     /**
-     * Logging settings for Network firewall.
+     * Log only blocking requests to this service.
      */
-    l4: string;
+    logBlocks: boolean;
+}
+export interface GetZeroTrustGatewayLoggingSettingsByRuleTypeL4 {
+    /**
+     * Log all requests to this service.
+     */
+    logAll: boolean;
+    /**
+     * Log only blocking requests to this service.
+     */
+    logBlocks: boolean;
 }
 export interface GetZeroTrustGatewayPoliciesResult {
     /**
      * The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to `true`.
-     * Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4Override", "egress", "resolve", "quarantine".
+     * Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4Override", "egress", "resolve", "quarantine", "redirect".
      */
     action: string;
     createdAt: string;
@@ -21660,6 +21750,10 @@ export interface GetZeroTrustGatewayPoliciesResultRuleSettings {
      * Settings that apply to quarantine rules
      */
     quarantine: outputs.GetZeroTrustGatewayPoliciesResultRuleSettingsQuarantine;
+    /**
+     * Settings that apply to redirect rules
+     */
+    redirect: outputs.GetZeroTrustGatewayPoliciesResultRuleSettingsRedirect;
     /**
      * Configure to forward the query to the internal DNS service, passing the specified 'view*id' as input. Cannot be set when 'dns*resolvers' are specified or 'resolve*dns*through*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
      */
@@ -21836,6 +21930,20 @@ export interface GetZeroTrustGatewayPoliciesResultRuleSettingsQuarantine {
      */
     fileTypes: string[];
 }
+export interface GetZeroTrustGatewayPoliciesResultRuleSettingsRedirect {
+    /**
+     * If true, context information will be passed as query parameters
+     */
+    includeContext: boolean;
+    /**
+     * If true, the path and query parameters from the original request will be appended to target_uri
+     */
+    preservePathAndQuery: boolean;
+    /**
+     * URI to which the user will be redirected
+     */
+    targetUri: string;
+}
 export interface GetZeroTrustGatewayPoliciesResultRuleSettingsResolveDnsInternally {
     /**
      * The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries.
@@ -21986,6 +22094,10 @@ export interface GetZeroTrustGatewayPolicyRuleSettings {
      * Settings that apply to quarantine rules
      */
     quarantine: outputs.GetZeroTrustGatewayPolicyRuleSettingsQuarantine;
+    /**
+     * Settings that apply to redirect rules
+     */
+    redirect: outputs.GetZeroTrustGatewayPolicyRuleSettingsRedirect;
     /**
      * Configure to forward the query to the internal DNS service, passing the specified 'view*id' as input. Cannot be set when 'dns*resolvers' are specified or 'resolve*dns*through*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
      */
@@ -22162,6 +22274,20 @@ export interface GetZeroTrustGatewayPolicyRuleSettingsQuarantine {
      */
     fileTypes: string[];
 }
+export interface GetZeroTrustGatewayPolicyRuleSettingsRedirect {
+    /**
+     * If true, context information will be passed as query parameters
+     */
+    includeContext: boolean;
+    /**
+     * If true, the path and query parameters from the original request will be appended to target_uri
+     */
+    preservePathAndQuery: boolean;
+    /**
+     * URI to which the user will be redirected
+     */
+    targetUri: string;
+}
 export interface GetZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally {
     /**
      * The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries.
@@ -22241,6 +22367,8 @@ export interface GetZeroTrustGatewaySettingsSettings {
     certificate: outputs.GetZeroTrustGatewaySettingsSettingsCertificate;
     /**
      * Custom certificate settings for BYO-PKI. (deprecated and replaced by `certificate`)
+     *
+     * @deprecated This attribute is deprecated.
      */
     customCertificate: outputs.GetZeroTrustGatewaySettingsSettingsCustomCertificate;
     /**
@@ -22304,7 +22432,7 @@ export interface GetZeroTrustGatewaySettingsSettingsAntivirusNotificationSetting
 }
 export interface GetZeroTrustGatewaySettingsSettingsBlockPage {
     /**
-     * Block page background color in #rrggbb format.
+     * If mode is customized*block*page: block page background color in #rrggbb format.
      */
     backgroundColor: string;
     /**
@@ -22312,33 +22440,46 @@ export interface GetZeroTrustGatewaySettingsSettingsBlockPage {
      */
     enabled: boolean;
     /**
-     * Block page footer text.
+     * If mode is customized*block*page: block page footer text.
      */
     footerText: string;
     /**
-     * Block page header text.
+     * If mode is customized*block*page: block page header text.
      */
     headerText: string;
     /**
-     * Full URL to the logo file.
+     * If mode is redirect*uri: when enabled, context will be appended to target*uri as query parameters.
+     */
+    includeContext: boolean;
+    /**
+     * If mode is customized*block*page: full URL to the logo file.
      */
     logoPath: string;
     /**
-     * Admin email for users to contact.
+     * If mode is customized*block*page: admin email for users to contact.
      */
     mailtoAddress: string;
     /**
-     * Subject line for emails created from block page.
+     * If mode is customized*block*page: subject line for emails created from block page.
      */
     mailtoSubject: string;
     /**
-     * Block page title.
+     * Controls whether the user is redirected to a Cloudflare-hosted block page or to a customer-provided URI.
+     * Available values: "customized*block*page", "redirectUri".
+     */
+    mode: string;
+    /**
+     * If mode is customized*block*page: block page title.
      */
     name: string;
     /**
-     * Suppress detailed info at the bottom of the block page.
+     * If mode is customized*block*page: suppress detailed info at the bottom of the block page.
      */
     suppressFooter: boolean;
+    /**
+     * If mode is redirect_uri: URI to which the user should be redirected.
+     */
+    targetUri: string;
 }
 export interface GetZeroTrustGatewaySettingsSettingsBodyScanning {
     /**
@@ -22419,6 +22560,17 @@ export interface GetZeroTrustListFilter {
      */
     type?: string;
 }
+export interface GetZeroTrustListItem {
+    createdAt: string;
+    /**
+     * The description of the list item, if present
+     */
+    description: string;
+    /**
+     * The value of the item in a list.
+     */
+    value: string;
+}
 export interface GetZeroTrustListsResult {
     createdAt: string;
     /**
@@ -22429,6 +22581,10 @@ export interface GetZeroTrustListsResult {
      * API Resource UUID tag.
      */
     id: string;
+    /**
+     * The items in the list.
+     */
+    items: outputs.GetZeroTrustListsResultItem[];
     /**
      * The number of items in the list.
      */
@@ -22444,6 +22600,17 @@ export interface GetZeroTrustListsResult {
     type: string;
     updatedAt: string;
 }
+export interface GetZeroTrustListsResultItem {
+    createdAt: string;
+    /**
+     * The description of the list item, if present
+     */
+    description: string;
+    /**
+     * The value of the item in a list.
+     */
+    value: string;
+}
 export interface GetZeroTrustOrganizationCustomPages {
     /**
      * The uid of the custom page to use when a user is denied access after failing a non-identity rule.
@@ -23295,7 +23462,7 @@ export interface GetZonesResult {
     /**
      * A full zone implies that DNS is hosted with Cloudflare. A partial zone is
      * typically a partner-hosted zone or a CNAME setup.
-     * Available values: "full", "partial", "secondary".
+     * Available values: "full", "partial", "secondary", "internal".
      */
     type: string;
     /**
@@ -23847,11 +24014,11 @@ export interface LogpushJobOutputOptions {
     /**
      * String to be prepended before each batch.
      */
-    batchPrefix: string;
+    batchPrefix?: string;
     /**
      * String to be appended after each batch.
      */
-    batchSuffix: string;
+    batchSuffix?: string;
     /**
      * If set to true, will cause all occurrences of `${` in the generated files to be replaced with `x{`.
      */
@@ -23859,7 +24026,7 @@ export interface LogpushJobOutputOptions {
     /**
      * String to join fields. This field be ignored when `recordTemplate` is set.
      */
-    fieldDelimiter: string;
+    fieldDelimiter?: string;
     /**
      * List of field names to be included in the Logpush output. For the moment, there is no option to add all fields at once, so you must specify all the fields names you are interested in.
      */
@@ -23872,19 +24039,19 @@ export interface LogpushJobOutputOptions {
     /**
      * String to be inserted in-between the records as separator.
      */
-    recordDelimiter: string;
+    recordDelimiter?: string;
     /**
      * String to be prepended before each record.
      */
-    recordPrefix: string;
+    recordPrefix?: string;
     /**
      * String to be appended after each record.
      */
-    recordSuffix: string;
+    recordSuffix?: string;
     /**
-     * String to use as template for each record instead of the default comma-separated list. All fields used in the template must be present in `fieldNames` as well, otherwise they will end up as null. Format as a Go `text/template` without any standard functions, like conditionals, loops, sub-templates, etc.
+     * String to use as template for each record instead of the default json key value mapping. All fields used in the template must be present in `fieldNames` as well, otherwise they will end up as null. Format as a Go `text/template` without any standard functions, like conditionals, loops, sub-templates, etc.
      */
-    recordTemplate: string;
+    recordTemplate?: string;
     /**
      * Floating number to specify sampling rate. Sampling is applied on top of filtering, and regardless of the current `sampleInterval` of the data.
      */
@@ -24843,7 +25010,7 @@ export interface ObservatoryScheduledTestTest {
      */
     desktopReport: outputs.ObservatoryScheduledTestTestDesktopReport;
     /**
-     * UUID
+     * UUID.
      */
     id: string;
     /**
@@ -25933,6 +26100,10 @@ export interface QueueSettings {
      * Number of seconds to delay delivery of all messages to consumers.
      */
     deliveryDelay?: number;
+    /**
+     * Indicates if message delivery to consumers is currently paused.
+     */
+    deliveryPaused?: boolean;
     /**
      * Number of seconds after which an unconsumed message will be delayed.
      */
@@ -26314,11 +26485,11 @@ export interface RecordData {
     /**
      * Minutes of latitude.
      */
-    latMinutes: number;
+    latMinutes?: number;
     /**
      * Seconds of latitude.
      */
-    latSeconds: number;
+    latSeconds?: number;
     /**
      * Degrees of longitude.
      */
@@ -26331,11 +26502,11 @@ export interface RecordData {
     /**
      * Minutes of longitude.
      */
-    longMinutes: number;
+    longMinutes?: number;
     /**
      * Seconds of longitude.
      */
-    longSeconds: number;
+    longSeconds?: number;
     /**
      * Matching Type.
      */
@@ -26351,11 +26522,11 @@ export interface RecordData {
     /**
      * Horizontal precision of location.
      */
-    precisionHorz: number;
+    precisionHorz?: number;
     /**
      * Vertical precision of location.
      */
-    precisionVert: number;
+    precisionVert?: number;
     /**
      * Preference.
      */
@@ -26391,7 +26562,7 @@ export interface RecordData {
     /**
      * Size of location in meters.
      */
-    size: number;
+    size?: number;
     /**
      * Name of the property controlled by this record (e.g.: issue, issuewild, iodef).
      */
@@ -26447,11 +26618,11 @@ export interface RulesetRule {
     /**
      * The parameters configuring the rule's action.
      */
-    actionParameters: outputs.RulesetRuleActionParameters;
+    actionParameters?: outputs.RulesetRuleActionParameters;
     /**
      * The categories of the rule.
      */
-    categories: string[];
+    categories?: string[];
     /**
      * An informative description of the rule.
      */
@@ -26463,7 +26634,7 @@ export interface RulesetRule {
     /**
      * Configure checks for exposed credentials.
      */
-    exposedCredentialCheck: outputs.RulesetRuleExposedCredentialCheck;
+    exposedCredentialCheck?: outputs.RulesetRuleExposedCredentialCheck;
     /**
      * The expression defining which traffic will match the rule.
      */
@@ -26475,11 +26646,11 @@ export interface RulesetRule {
     /**
      * An object configuring the rule's logging behavior.
      */
-    logging: outputs.RulesetRuleLogging;
+    logging?: outputs.RulesetRuleLogging;
     /**
      * An object configuring the rule's ratelimit behavior.
      */
-    ratelimit: outputs.RulesetRuleRatelimit;
+    ratelimit?: outputs.RulesetRuleRatelimit;
     /**
      * The reference of the rule (the rule ID by default).
      */
@@ -26493,7 +26664,7 @@ export interface RulesetRuleActionParameters {
     /**
      * Custom order for compression algorithms.
      */
-    algorithms: outputs.RulesetRuleActionParametersAlgorithm[];
+    algorithms?: outputs.RulesetRuleActionParametersAlgorithm[];
     /**
      * Turn on or off Automatic HTTPS Rewrites.
      */
@@ -26501,7 +26672,7 @@ export interface RulesetRuleActionParameters {
     /**
      * Select which file extensions to minify automatically.
      */
-    autominify: outputs.RulesetRuleActionParametersAutominify;
+    autominify?: outputs.RulesetRuleActionParametersAutominify;
     /**
      * Turn on or off Browser Integrity Check.
      */
@@ -26509,7 +26680,7 @@ export interface RulesetRuleActionParameters {
     /**
      * Specify how long client browsers should cache the response. Cloudflare cache purge will not purge content cached on client browsers, so high browser TTLs may lead to stale content.
      */
-    browserTtl: outputs.RulesetRuleActionParametersBrowserTtl;
+    browserTtl?: outputs.RulesetRuleActionParametersBrowserTtl;
     /**
      * Mark whether the request’s response from origin is eligible for caching. Caching itself will still depend on the cache-control header and your other caching configurations.
      */
@@ -26517,11 +26688,11 @@ export interface RulesetRuleActionParameters {
     /**
      * Define which components of the request are included or excluded from the cache key Cloudflare uses to store the response in cache.
      */
-    cacheKey: outputs.RulesetRuleActionParametersCacheKey;
+    cacheKey?: outputs.RulesetRuleActionParametersCacheKey;
     /**
      * Mark whether the request's response from origin is eligible for Cache Reserve (requires a Cache Reserve add-on plan).
      */
-    cacheReserve: outputs.RulesetRuleActionParametersCacheReserve;
+    cacheReserve?: outputs.RulesetRuleActionParametersCacheReserve;
     /**
      * Error response content.
      */
@@ -26534,7 +26705,7 @@ export interface RulesetRuleActionParameters {
     /**
      * The cookie fields to log.
      */
-    cookieFields: outputs.RulesetRuleActionParametersCookieField[];
+    cookieFields?: outputs.RulesetRuleActionParametersCookieField[];
     /**
      * Turn off all active Cloudflare Apps.
      */
@@ -26550,7 +26721,7 @@ export interface RulesetRuleActionParameters {
     /**
      * TTL (Time to Live) specifies the maximum time to cache a resource in the Cloudflare edge network.
      */
-    edgeTtl: outputs.RulesetRuleActionParametersEdgeTtl;
+    edgeTtl?: outputs.RulesetRuleActionParametersEdgeTtl;
     /**
      * Turn on or off Email Obfuscation.
      */
@@ -26562,15 +26733,15 @@ export interface RulesetRuleActionParameters {
     /**
      * Serve a redirect based on a bulk list lookup.
      */
-    fromList: outputs.RulesetRuleActionParametersFromList;
+    fromList?: outputs.RulesetRuleActionParametersFromList;
     /**
      * Serve a redirect based on the request properties.
      */
-    fromValue: outputs.RulesetRuleActionParametersFromValue;
+    fromValue?: outputs.RulesetRuleActionParametersFromValue;
     /**
      * Map of request headers to modify.
      */
-    headers: {
+    headers?: {
         [key: string]: outputs.RulesetRuleActionParametersHeaders;
     };
     /**
@@ -26592,7 +26763,7 @@ export interface RulesetRuleActionParameters {
     /**
      * The configuration to use for matched data logging.
      */
-    matchedData: outputs.RulesetRuleActionParametersMatchedData;
+    matchedData?: outputs.RulesetRuleActionParametersMatchedData;
     /**
      * Turn on or off Mirage.
      */
@@ -26604,7 +26775,7 @@ export interface RulesetRuleActionParameters {
     /**
      * Override the IP/TCP destination.
      */
-    origin: outputs.RulesetRuleActionParametersOrigin;
+    origin?: outputs.RulesetRuleActionParametersOrigin;
     /**
      * When enabled, Cloudflare will aim to strictly adhere to RFC 7234.
      */
@@ -26616,7 +26787,7 @@ export interface RulesetRuleActionParameters {
     /**
      * A set of overrides to apply to the target ruleset.
      */
-    overrides: outputs.RulesetRuleActionParametersOverrides;
+    overrides?: outputs.RulesetRuleActionParametersOverrides;
     /**
      * A list of phases to skip the execution of. This option is incompatible with the ruleset and rulesets options.
      */
@@ -26633,7 +26804,7 @@ export interface RulesetRuleActionParameters {
     /**
      * The raw response fields to log.
      */
-    rawResponseFields: outputs.RulesetRuleActionParametersRawResponseField[];
+    rawResponseFields?: outputs.RulesetRuleActionParametersRawResponseField[];
     /**
      * Define a timeout value between two successive read operations to your origin server. Historically, the timeout value between two read options from Cloudflare to an origin server is 100 seconds. If you are attempting to reduce HTTP 524 errors because of timeouts from an origin server, try increasing this timeout value.
      */
@@ -26641,7 +26812,7 @@ export interface RulesetRuleActionParameters {
     /**
      * The raw request fields to log.
      */
-    requestFields: outputs.RulesetRuleActionParametersRequestField[];
+    requestFields?: outputs.RulesetRuleActionParametersRequestField[];
     /**
      * Specify whether or not Cloudflare should respect strong ETag (entity tag) headers. When off, Cloudflare converts strong ETag headers to weak ETag headers.
      */
@@ -26649,11 +26820,11 @@ export interface RulesetRuleActionParameters {
     /**
      * The response to show when the block is applied.
      */
-    response: outputs.RulesetRuleActionParametersResponse;
+    response?: outputs.RulesetRuleActionParametersResponse;
     /**
      * The transformed response fields to log.
      */
-    responseFields: outputs.RulesetRuleActionParametersResponseField[];
+    responseFields?: outputs.RulesetRuleActionParametersResponseField[];
     /**
      * Turn on or off Rocket Loader
      */
@@ -26681,7 +26852,7 @@ export interface RulesetRuleActionParameters {
     /**
      * Define if Cloudflare should serve stale content while getting the latest content from the origin. If on, Cloudflare will not serve stale content while getting the latest content from the origin.
      */
-    serveStale: outputs.RulesetRuleActionParametersServeStale;
+    serveStale?: outputs.RulesetRuleActionParametersServeStale;
     /**
      * Turn on or off Server Side Excludes.
      */
@@ -26689,7 +26860,7 @@ export interface RulesetRuleActionParameters {
     /**
      * Override the Server Name Indication (SNI).
      */
-    sni: outputs.RulesetRuleActionParametersSni;
+    sni?: outputs.RulesetRuleActionParametersSni;
     /**
      * Configure the SSL level.
      * Available values: "off", "flexible", "full", "strict", "originPull".
@@ -26706,11 +26877,11 @@ export interface RulesetRuleActionParameters {
     /**
      * The transformed request fields to log.
      */
-    transformedRequestFields: outputs.RulesetRuleActionParametersTransformedRequestField[];
+    transformedRequestFields?: outputs.RulesetRuleActionParametersTransformedRequestField[];
     /**
      * URI to rewrite the request to.
      */
-    uri: outputs.RulesetRuleActionParametersUri;
+    uri?: outputs.RulesetRuleActionParametersUri;
 }
 export interface RulesetRuleActionParametersAlgorithm {
     /**
@@ -26756,7 +26927,7 @@ export interface RulesetRuleActionParametersCacheKey {
     /**
      * Customize which components of the request are included or excluded from the cache key.
      */
-    customKey: outputs.RulesetRuleActionParametersCacheKeyCustomKey;
+    customKey?: outputs.RulesetRuleActionParametersCacheKeyCustomKey;
     /**
      * Treat requests with the same query parameters the same, regardless of the order those query parameters are in. A value of true ignores the query strings' order.
      */
@@ -26766,23 +26937,23 @@ export interface RulesetRuleActionParametersCacheKeyCustomKey {
     /**
      * The cookies to include in building the cache key.
      */
-    cookie: outputs.RulesetRuleActionParametersCacheKeyCustomKeyCookie;
+    cookie?: outputs.RulesetRuleActionParametersCacheKeyCustomKeyCookie;
     /**
      * The header names and values to include in building the cache key.
      */
-    header: outputs.RulesetRuleActionParametersCacheKeyCustomKeyHeader;
+    header?: outputs.RulesetRuleActionParametersCacheKeyCustomKeyHeader;
     /**
      * Whether to use the original host or the resolved host in the cache key.
      */
-    host: outputs.RulesetRuleActionParametersCacheKeyCustomKeyHost;
+    host?: outputs.RulesetRuleActionParametersCacheKeyCustomKeyHost;
     /**
      * Use the presence of parameters in the query string to build the cache key.
      */
-    queryString: outputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryString;
+    queryString?: outputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryString;
     /**
      * Characteristics of the request user agent used in building the cache key.
      */
-    user: outputs.RulesetRuleActionParametersCacheKeyCustomKeyUser;
+    user?: outputs.RulesetRuleActionParametersCacheKeyCustomKeyUser;
 }
 export interface RulesetRuleActionParametersCacheKeyCustomKeyCookie {
     /**
@@ -26824,11 +26995,11 @@ export interface RulesetRuleActionParametersCacheKeyCustomKeyQueryString {
     /**
      * A list of query string parameters NOT used to build the cache key. All parameters present in the request but missing in this list will be used to build the cache key.
      */
-    exclude: outputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringExclude;
+    exclude?: outputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringExclude;
     /**
      * A list of query string parameters used to build the cache key.
      */
-    include: outputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringInclude;
+    include?: outputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringInclude;
 }
 export interface RulesetRuleActionParametersCacheKeyCustomKeyQueryStringExclude {
     /**
@@ -26936,7 +27107,7 @@ export interface RulesetRuleActionParametersFromValue {
     /**
      * The URL to redirect the request to.
      */
-    targetUrl: outputs.RulesetRuleActionParametersFromValueTargetUrl;
+    targetUrl?: outputs.RulesetRuleActionParametersFromValueTargetUrl;
 }
 export interface RulesetRuleActionParametersFromValueTargetUrl {
     /**
@@ -26986,7 +27157,7 @@ export interface RulesetRuleActionParametersOverrides {
     /**
      * A list of category-level overrides. This option has the second-highest precedence after rule-level overrides.
      */
-    categories: outputs.RulesetRuleActionParametersOverridesCategory[];
+    categories?: outputs.RulesetRuleActionParametersOverridesCategory[];
     /**
      * Whether to enable execution of all rules. This option has lower precedence than rule and category overrides.
      */
@@ -26994,7 +27165,7 @@ export interface RulesetRuleActionParametersOverrides {
     /**
      * A list of rule-level overrides. This option has the highest precedence.
      */
-    rules: outputs.RulesetRuleActionParametersOverridesRule[];
+    rules?: outputs.RulesetRuleActionParametersOverridesRule[];
     /**
      * A sensitivity level to set for all rules. This option has lower precedence than rule and category overrides and is only applicable for DDoS phases.
      * Available values: "default", "medium", "low", "eoff".
@@ -27051,7 +27222,7 @@ export interface RulesetRuleActionParametersRawResponseField {
     /**
      * Whether to log duplicate values of the same header.
      */
-    preserveDuplicates: boolean;
+    preserveDuplicates?: boolean;
 }
 export interface RulesetRuleActionParametersRequestField {
     /**
@@ -27081,7 +27252,7 @@ export interface RulesetRuleActionParametersResponseField {
     /**
      * Whether to log duplicate values of the same header.
      */
-    preserveDuplicates: boolean;
+    preserveDuplicates?: boolean;
 }
 export interface RulesetRuleActionParametersServeStale {
     /**
@@ -27105,11 +27276,11 @@ export interface RulesetRuleActionParametersUri {
     /**
      * Path portion rewrite.
      */
-    path: outputs.RulesetRuleActionParametersUriPath;
+    path?: outputs.RulesetRuleActionParametersUriPath;
     /**
      * Query portion rewrite.
      */
-    query: outputs.RulesetRuleActionParametersUriQuery;
+    query?: outputs.RulesetRuleActionParametersUriQuery;
 }
 export interface RulesetRuleActionParametersUriPath {
     /**
@@ -27540,6 +27711,8 @@ export interface TeamsAccountSettings {
     certificate: outputs.TeamsAccountSettingsCertificate;
     /**
      * Custom certificate settings for BYO-PKI. (deprecated and replaced by `certificate`)
+     *
+     * @deprecated This attribute is deprecated.
      */
     customCertificate: outputs.TeamsAccountSettingsCustomCertificate;
     /**
@@ -27603,7 +27776,7 @@ export interface TeamsAccountSettingsAntivirusNotificationSettings {
 }
 export interface TeamsAccountSettingsBlockPage {
     /**
-     * Block page background color in #rrggbb format.
+     * If mode is customized*block*page: block page background color in #rrggbb format.
      */
     backgroundColor?: string;
     /**
@@ -27611,33 +27784,46 @@ export interface TeamsAccountSettingsBlockPage {
      */
     enabled?: boolean;
     /**
-     * Block page footer text.
+     * If mode is customized*block*page: block page footer text.
      */
     footerText?: string;
     /**
-     * Block page header text.
+     * If mode is customized*block*page: block page header text.
      */
     headerText?: string;
     /**
-     * Full URL to the logo file.
+     * If mode is redirect*uri: when enabled, context will be appended to target*uri as query parameters.
+     */
+    includeContext?: boolean;
+    /**
+     * If mode is customized*block*page: full URL to the logo file.
      */
     logoPath?: string;
     /**
-     * Admin email for users to contact.
+     * If mode is customized*block*page: admin email for users to contact.
      */
     mailtoAddress?: string;
     /**
-     * Subject line for emails created from block page.
+     * If mode is customized*block*page: subject line for emails created from block page.
      */
     mailtoSubject?: string;
     /**
-     * Block page title.
+     * Controls whether the user is redirected to a Cloudflare-hosted block page or to a customer-provided URI.
+     * Available values: "customized*block*page", "redirectUri".
+     */
+    mode: string;
+    /**
+     * If mode is customized*block*page: block page title.
      */
     name?: string;
     /**
-     * Suppress detailed info at the bottom of the block page.
+     * If mode is customized*block*page: suppress detailed info at the bottom of the block page.
      */
     suppressFooter?: boolean;
+    /**
+     * If mode is redirect_uri: URI to which the user should be redirected.
+     */
+    targetUri?: string;
 }
 export interface TeamsAccountSettingsBodyScanning {
     /**
@@ -27890,6 +28076,10 @@ export interface TeamsRuleRuleSettings {
      * Settings that apply to quarantine rules
      */
     quarantine: outputs.TeamsRuleRuleSettingsQuarantine;
+    /**
+     * Settings that apply to redirect rules
+     */
+    redirect: outputs.TeamsRuleRuleSettingsRedirect;
     /**
      * Configure to forward the query to the internal DNS service, passing the specified 'view*id' as input. Cannot be set when 'dns*resolvers' are specified or 'resolve*dns*through*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
      */
@@ -28066,6 +28256,20 @@ export interface TeamsRuleRuleSettingsQuarantine {
      */
     fileTypes?: string[];
 }
+export interface TeamsRuleRuleSettingsRedirect {
+    /**
+     * If true, context information will be passed as query parameters
+     */
+    includeContext?: boolean;
+    /**
+     * If true, the path and query parameters from the original request will be appended to target_uri
+     */
+    preservePathAndQuery?: boolean;
+    /**
+     * URI to which the user will be redirected
+     */
+    targetUri: string;
+}
 export interface TeamsRuleRuleSettingsResolveDnsInternally {
     /**
      * The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries.
@@ -28430,6 +28634,14 @@ export interface WorkerScriptAssets {
     jwt?: string;
 }
 export interface WorkerScriptAssetsConfig {
+    /**
+     * The contents of a _headers file (used to attach custom headers on asset responses)
+     */
+    _headers?: string;
+    /**
+     * The contents of a _redirects file (used to apply redirects or proxy paths ahead of asset serving)
+     */
+    _redirects?: string;
     /**
      * Determines the redirects and rewrites of requests for HTML content.
      * Available values: "auto-trailing-slash", "force-trailing-slash", "drop-trailing-slash", "none".
@@ -28446,6 +28658,8 @@ export interface WorkerScriptAssetsConfig {
     runWorkerFirst: boolean;
     /**
      * When true and the incoming request matches an asset, that will be served instead of invoking the Worker script. When false, requests will always invoke the Worker script.
+     *
+     * @deprecated This attribute is deprecated.
      */
     serveDirectly: boolean;
 }
@@ -28687,11 +28901,21 @@ export interface WorkersDeploymentVersion {
 }
 export interface WorkersRouteError {
     code: number;
+    documentationUrl: string;
     message: string;
+    source: outputs.WorkersRouteErrorSource;
+}
+export interface WorkersRouteErrorSource {
+    pointer: string;
 }
 export interface WorkersRouteMessage {
     code: number;
+    documentationUrl: string;
     message: string;
+    source: outputs.WorkersRouteMessageSource;
+}
+export interface WorkersRouteMessageSource {
+    pointer: string;
 }
 export interface WorkersScriptAssets {
     /**
@@ -28704,6 +28928,14 @@ export interface WorkersScriptAssets {
     jwt?: string;
 }
 export interface WorkersScriptAssetsConfig {
+    /**
+     * The contents of a _headers file (used to attach custom headers on asset responses)
+     */
+    _headers?: string;
+    /**
+     * The contents of a _redirects file (used to apply redirects or proxy paths ahead of asset serving)
+     */
+    _redirects?: string;
     /**
      * Determines the redirects and rewrites of requests for HTML content.
      * Available values: "auto-trailing-slash", "force-trailing-slash", "drop-trailing-slash", "none".
@@ -28720,6 +28952,8 @@ export interface WorkersScriptAssetsConfig {
     runWorkerFirst: boolean;
     /**
      * When true and the incoming request matches an asset, that will be served instead of invoking the Worker script. When false, requests will always invoke the Worker script.
+     *
+     * @deprecated This attribute is deprecated.
      */
     serveDirectly: boolean;
 }
@@ -31286,11 +31520,11 @@ export interface ZeroTrustDeviceCustomProfileExclude {
     /**
      * The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      */
-    address: string;
+    address?: string;
     /**
      * A description of the Split Tunnel item, displayed in the client UI.
      */
-    description: string;
+    description?: string;
     /**
      * The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      */
@@ -31312,15 +31546,15 @@ export interface ZeroTrustDeviceCustomProfileFallbackDomain {
 }
 export interface ZeroTrustDeviceCustomProfileInclude {
     /**
-     * The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
+     * The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      */
-    address: string;
+    address?: string;
     /**
      * A description of the Split Tunnel item, displayed in the client UI.
      */
-    description: string;
+    description?: string;
     /**
-     * The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
+     * The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      */
     host?: string;
 }
@@ -31362,11 +31596,11 @@ export interface ZeroTrustDeviceDefaultProfileExclude {
     /**
      * The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      */
-    address: string;
+    address?: string;
     /**
      * A description of the Split Tunnel item, displayed in the client UI.
      */
-    description: string;
+    description?: string;
     /**
      * The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      */
@@ -31388,15 +31622,15 @@ export interface ZeroTrustDeviceDefaultProfileFallbackDomain {
 }
 export interface ZeroTrustDeviceDefaultProfileInclude {
     /**
-     * The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
+     * The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      */
-    address: string;
+    address?: string;
     /**
      * A description of the Split Tunnel item, displayed in the client UI.
      */
-    description: string;
+    description?: string;
     /**
-     * The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
+     * The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      */
     host?: string;
 }
@@ -31707,6 +31941,8 @@ export interface ZeroTrustDlpCustomProfileEntryPattern {
     regex: string;
     /**
      * Available values: "luhn".
+     *
+     * @deprecated This attribute is deprecated.
      */
     validation?: string;
 }
@@ -31759,6 +31995,8 @@ export interface ZeroTrustDlpCustomProfileProfileEntryPattern {
     regex: string;
     /**
      * Available values: "luhn".
+     *
+     * @deprecated This attribute is deprecated.
      */
     validation?: string;
 }
@@ -31848,6 +32086,8 @@ export interface ZeroTrustDlpEntryPattern {
     regex: string;
     /**
      * Available values: "luhn".
+     *
+     * @deprecated This attribute is deprecated.
      */
     validation?: string;
 }
@@ -31942,18 +32182,39 @@ export interface ZeroTrustDnsLocationNetwork {
     network: string;
 }
 export interface ZeroTrustGatewayLoggingSettingsByRuleType {
+    dns: outputs.ZeroTrustGatewayLoggingSettingsByRuleTypeDns;
+    http: outputs.ZeroTrustGatewayLoggingSettingsByRuleTypeHttp;
+    l4: outputs.ZeroTrustGatewayLoggingSettingsByRuleTypeL4;
+}
+export interface ZeroTrustGatewayLoggingSettingsByRuleTypeDns {
     /**
-     * Logging settings for DNS firewall.
+     * Log all requests to this service.
      */
-    dns?: string;
+    logAll?: boolean;
     /**
-     * Logging settings for HTTP/HTTPS firewall.
+     * Log only blocking requests to this service.
      */
-    http?: string;
+    logBlocks?: boolean;
+}
+export interface ZeroTrustGatewayLoggingSettingsByRuleTypeHttp {
+    /**
+     * Log all requests to this service.
+     */
+    logAll?: boolean;
     /**
-     * Logging settings for Network firewall.
+     * Log only blocking requests to this service.
      */
-    l4?: string;
+    logBlocks?: boolean;
+}
+export interface ZeroTrustGatewayLoggingSettingsByRuleTypeL4 {
+    /**
+     * Log all requests to this service.
+     */
+    logAll?: boolean;
+    /**
+     * Log only blocking requests to this service.
+     */
+    logBlocks?: boolean;
 }
 export interface ZeroTrustGatewayPolicyExpiration {
     /**
@@ -32053,6 +32314,10 @@ export interface ZeroTrustGatewayPolicyRuleSettings {
      * Settings that apply to quarantine rules
      */
     quarantine: outputs.ZeroTrustGatewayPolicyRuleSettingsQuarantine;
+    /**
+     * Settings that apply to redirect rules
+     */
+    redirect: outputs.ZeroTrustGatewayPolicyRuleSettingsRedirect;
     /**
      * Configure to forward the query to the internal DNS service, passing the specified 'view*id' as input. Cannot be set when 'dns*resolvers' are specified or 'resolve*dns*through*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
      */
@@ -32229,6 +32494,20 @@ export interface ZeroTrustGatewayPolicyRuleSettingsQuarantine {
      */
     fileTypes?: string[];
 }
+export interface ZeroTrustGatewayPolicyRuleSettingsRedirect {
+    /**
+     * If true, context information will be passed as query parameters
+     */
+    includeContext?: boolean;
+    /**
+     * If true, the path and query parameters from the original request will be appended to target_uri
+     */
+    preservePathAndQuery?: boolean;
+    /**
+     * URI to which the user will be redirected
+     */
+    targetUri: string;
+}
 export interface ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally {
     /**
      * The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries.
@@ -32308,6 +32587,8 @@ export interface ZeroTrustGatewaySettingsSettings {
     certificate: outputs.ZeroTrustGatewaySettingsSettingsCertificate;
     /**
      * Custom certificate settings for BYO-PKI. (deprecated and replaced by `certificate`)
+     *
+     * @deprecated This attribute is deprecated.
      */
     customCertificate: outputs.ZeroTrustGatewaySettingsSettingsCustomCertificate;
     /**
@@ -32371,7 +32652,7 @@ export interface ZeroTrustGatewaySettingsSettingsAntivirusNotificationSettings {
 }
 export interface ZeroTrustGatewaySettingsSettingsBlockPage {
     /**
-     * Block page background color in #rrggbb format.
+     * If mode is customized*block*page: block page background color in #rrggbb format.
      */
     backgroundColor?: string;
     /**
@@ -32379,33 +32660,46 @@ export interface ZeroTrustGatewaySettingsSettingsBlockPage {
      */
     enabled?: boolean;
     /**
-     * Block page footer text.
+     * If mode is customized*block*page: block page footer text.
      */
     footerText?: string;
     /**
-     * Block page header text.
+     * If mode is customized*block*page: block page header text.
      */
     headerText?: string;
     /**
-     * Full URL to the logo file.
+     * If mode is redirect*uri: when enabled, context will be appended to target*uri as query parameters.
+     */
+    includeContext?: boolean;
+    /**
+     * If mode is customized*block*page: full URL to the logo file.
      */
     logoPath?: string;
     /**
-     * Admin email for users to contact.
+     * If mode is customized*block*page: admin email for users to contact.
      */
     mailtoAddress?: string;
     /**
-     * Subject line for emails created from block page.
+     * If mode is customized*block*page: subject line for emails created from block page.
      */
     mailtoSubject?: string;
     /**
-     * Block page title.
+     * Controls whether the user is redirected to a Cloudflare-hosted block page or to a customer-provided URI.
+     * Available values: "customized*block*page", "redirectUri".
+     */
+    mode: string;
+    /**
+     * If mode is customized*block*page: block page title.
      */
     name?: string;
     /**
-     * Suppress detailed info at the bottom of the block page.
+     * If mode is customized*block*page: suppress detailed info at the bottom of the block page.
      */
     suppressFooter?: boolean;
+    /**
+     * If mode is redirect_uri: URI to which the user should be redirected.
+     */
+    targetUri?: string;
 }
 export interface ZeroTrustGatewaySettingsSettingsBodyScanning {
     /**